Password Security Policy

We take security seriously in every area, and the most common security method, one that most people nowadays are very familiar with, is the password.

In the privileged position of being trusted with your user security, we would like to take this opportunity to share our Password Security Policy with you and to encourage its adoption for your personal and work security needs. We also hope it contributes to wider security education and encourages personal data security responsibility among all our service users and peers.

Password security is a long subject, and the quickest and most user-friendly method of increasing the security of your passwords that we can recommend is simple, longer passwords. [1]

This site offers you an option to set your own login directly, and your login will be encrypted by your browser before being transmitted to our servers, where it is stored encrypted-at-rest. This means we cannot see or ever recover your passwords, because we just don’t have them stored in any way that could enable decryption.

Plus, our internal server network traffic and disks are encrypted too, for additional layers of best-practice protection – with the same minimum password security and multi-factor authentication protections that we recommend.

If you forget or lose access to your password, your only method of recovery is a password reset, or contacting us to answer some security questions to verify your account ownership. The team will then only be able to advise you of your recorded email and trigger a password reset email link to be sent to you.

Or you can use one of the social login services, from platforms expected to maintain similar security systems for your login credentials. This gives you the ease of having fewer logins to remember or save, and the reassurance that high security standards are a priority for recognisable platforms that rely on high levels of user-security trust.

12-characters or more

We only have one rule for the strength of your password: it must be 12 characters or more. Length is the most significant factor in protection against brute-force attacks, while character complexity makes passwords more difficult to remember and therefore encourages more repeat usage, which we recommend you avoid. [2]

If you need to create a password that you cannot store in a password manager because you need to remember it, or it is the password you use to open your password manager, then phrases can be easier to remember. Don’t use things like common expressions or song lyrics, which hackers could compile into databases to try as well. Instead, use things like: “dadlovesstatusquo”, “orangechocolatewine” etc.

Password Managers

We also strongly recommend using a password manager like that provided by your browser, or an extension service like 1Password or LastPass (which are compulsory for our team) for the convenience they afford in saving unique, lengthy and complex passwords.

Password manager services will then alert you to potential site breaches, duplicate password usage, and suggest which sites you should change your passwords with – including if one of the social login services were ever to have any issues – and if they did, we would disable their usage for a period of time until they had announced the issue is resolved and all users have been encouraged to reset their passwords on that platform.

Two-Factor Authentication (2FA)

Also known as Multi-Factor Authentication (MFA)

We have also made available the option to add two-factor authentication to your login, for additional security, from your My Account Dashboard. We recommend the following apps, which have been tested and confirmed working by our team:

  • Authy – works on smartphones and desktop, synched between devices
  • LastPass Authenticator – smartphones-only at the time of writing and push-authentication, synched between devices
  • Google Authenticator – smartphones-only at the time of writing but no synching between devices

This gives you the strongest possible protection, and is currently the highest method of security that we support and recommend.

Security and login feedback

Please stay safe online – and let us know if you have any questions, suggestions or feedback on this policy, our login procedures or anything else.

User feedback is our single most valuable insight into how we can help make things better for you, and we promise we will always read and reply to every message, out of respect for the trust, and the opportunities to serve, that you share with us.

Footnotes & References

  1. Password Security: Complexity vs Length
  2. Estimating Password Cracking Times
